Security · Historical Record
Pre-Launch Security Audit (2019)
This page documents the original pre-mainnet cryptographic audit of Ergo, performed by Jean-Philippe Aumasson (veorq) in December 2019, before the protocol went live.
This is the original 2019 review — kept on this page for historical reference. It is not a current security guarantee for the live protocol, ecosystem dApps, wallets, bridges, or experimental SDKs (such as ChainCash and the agent-economy stack).
For current security status, follow the Ergo node security advisories on GitHub. For ecosystem projects (wallets, bridges, dApps, SDKs) — review the project's own repository and any audits they publish before committing significant value. To report a security issue here, follow the responsible disclosure policy.
Summary (2019)
- The audit covered: Sigma protocol proofs, wallet secret storage, and Proof-of-Work validation.
- No critical vulnerabilities were found at the time of review.
- Recommendations were made for password policies and parameter validation.
Sigma Protocol Proofs
The Ergo protocol relies on ErgoScript, a scripting language supporting sigma-statements, which can be proven and verified through non-interactive proofs of knowledge. The audit reviewed the implementation for safe encoding, serialization, and correct verification logic.
- Reviewed code from SigSerializer, Interpreter, and ProverInterpreter.
- No security issues identified in proof creation or verification.
- Scala eliminates certain bug classes, but care is still needed for unhandled errors.
Wallet
The audit reviewed wallet secret storage and recovery, focusing on entropy generation, BIP39 mnemonic, and AES-GCM encryption. Two main risks were identified:
- Password length: No enforced minimum. Recommendation: require at least 16 characters for strong security.
- Memory safety: Secret values may remain in memory after execution due to garbage collection. This is a limitation of Scala and most modern languages.
Proof-of-Work Validation
The audit reviewed the latest Autolykos PoW verification logic, ensuring it matches the protocol specification and is properly integrated into block header validation.
- Stricter validation of k and n parameters recommended.
- Assert that k and n are positive values.
- Changing these parameters requires a new network or protocol fork.
The original 2019 review is published in full as a blog post on the ergoplatform.org domain (the historical Ergo Foundation site). It covers Sigma-protocol proofs, wallet secret storage, and PoW validation as of December 2019.
Current Audit Coverage
No current comprehensive audit covers every live dApp, wallet, bridge, and experimental agent SDK in the Ergo ecosystem. This matrix summarises what is and isn't under audit today.
| Component | Audit status | Notes |
|---|---|---|
| Ergo node / protocol (2019 cryptography review) | Reviewed 2019 | Sigma proofs, wallet, PoW validation. Historical — does not cover changes since. |
| Wallets (Nautilus, SAFEW, Ledger, Satergo, mobile) | Project-specific | Each wallet maintains its own audit/disclosure posture. Verify per-project before storing significant value. |
| Rosen Bridge | Project-specific | Bridge security is independent of Ergo node audits. Review Rosen's own publications. |
| Accord Protocol (testnet) | Not audited | Mainnet writes are gated by signed audit manifests. Testnet only until then. |
| ChainCash reference implementation | Not audited | Open-source prototype / research code. Not production-ready. |
| Agent SDKs (@accord-protocol/*, ergo-agent-* compatibility) | Not audited | Reference implementations. Pin versions and review code before mainnet integration. |
| Third-party dApps (DEXs, lending, NFT) | Project-specific | Each dApp publishes its own audits (or doesn't). Always check before committing funds. |
For coordinated security disclosures, follow the responsible disclosure policy. As of 2026-05-08 there are no published advisories on the public GitHub Security Advisories list — disclosures are handled privately until coordinated release.